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This Application has been carefully reviewed in light of the Office Action mailed 
March 25, 2005. Claims 1-20 were pending in the Application. In the Office Action, Claims 
1-20 were rejected. Claims 1-20 remain pending in the Application. Applicant respectfully 
requests reconsideration and favorable action in this case. 

Applicant has amended the specification beginning on page 1 to provide serial 
numbers of the indicated related applications. Favorable action is respectfully requested by 
the Examiner. 

In the Office Action, the following actions were taken or matters were raised: 
SFPTION i n? PFTFrTTONS 

Claims 1-20 were rejected under 35 U.S.C. 102(e) as being anticipated by U.S. Patent 
No. 6,279,113 issued to Vaidya (hereinafter "Vaidya"). Applicant respectfully traverses this 
rejection. 

A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference. Verdegaal Bros. v. 
Union Oil Co. of California, 814 F.2d 628, 631, 2 U.S.P.Q.2d 1051, 1053 (Fed. Cir. 1987); 
MPEP 2131. Additionally, "[t]he identical invention must be shown in as complete detail as 
is contained in ... the claim." Richardson v. Suzuki Motor Co., 868 F.2d 1226, 1236, 9 
U.S.P.Q.2d 1913, 1920 (Fed. Cir. 1989); MPEP 2131. 

Of the rejected claims. Claims 1, 7 and 17 are independent. Applicant respectfully 
submits that Vaidya does not disclose or even suggest each and every limitation of 
independent Claims 1, 7 and 17. 

Independent Claim 1 recites, at least in part, "receiving a packet by an intrusion 
prevention system," "invoking a signature analysis algorithm" and "comparing the packet by 
the intrusion prevention system with a first nilfi set comprising a nilfi logically defining a 
packeL-signature" (emphasis added). In rejecting independent Claim 1, the Examiner has 
simply reproduced all the claim limitations of Claim 1 and then refers generally to various 
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portions of Vaidya (Office Action, pages 2-3). Applicant respectfully reminds the Examiner 
that 35 U.S.C. § 102 clearly states that "[a] person shall be entitled to a patent unless . . . ." 
Accordingly, the burden for proving anticipation under 35 U.S.C. § 102 is on the Examiner, 
and it is the Examiner who has to prove that a claim is not patentable. In rejecting Claim 1, 
the Examiner has not provided any reasoning or made any assertions as to why he believes 
that the portions of Vaidya referred to anticipate Claim 1. Applicant submits that the cited 
portions of Vaidya do not teach or suggest all limitations of Claim 1. For example, regarding 
Claim I's recitation of "comparing the packet by the intrusion prevention system with a fiist 
nilft sftt comprising ^ n.iR ingiraiiy Hftfining fl packet sifmRtiire" (emphasis added), the 
Examiner refers generally to "(Col 7 lines 32-36)" of Vaidya (Office Action, pages 2-3). 
Column 7, lines 32-36 of Vaidya recite the following: 

The configuration builder module 32 temporarily stores the 
applicable attack signature profiles in an instruction cache 42. 
The virtual processor 36 processes the attack signature profiles 
to determine whether the packet is associated with a network 
intrusion attempt. 

Thus, Applicant respectfiiUy submits that the portion of Vaidya referred to by the Examiner 
fails to disclose or even suggest at least the above-referenced limitation(s) recited by 
independent Claim 1, and Applicant is unable to determine why the Examiner believes that 
the portion of Vaidya referred to by the Examiner anticipates Claim 1. Applicant respectfiiUy 
reminds the Examiner that in order to make a prima facie case of anticipation, "[t]he identical 
invention must be shown in as complete detail as is contained in the . . . claim" and that each 
and every element as set forth in the claim must be found in the reference. Applicant submits 
that such detail is lacking in Vaidya, and the Office Action fails to explain why the Examiner 
believes that such detail is present in Vaidya. To the contrary. Applicant respectfully submits 
that Vaidya does not disclose or even suggest, either in the portion referred to by the 
Examiner or elsewhere in Vaidya, "a first nilR SRt comprising a nilp, logically defining a 
packfiLsignature" as recited by independent Claim 1 (emphasis added). Therefore, for at least 
this reason. Applicant submits that Vaidya does not anticipate independent Claim 1. 
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Independent Claim 7 recites, at least in part, an "intrusion prevention system 
comprising an associative process engine and an input/output control layer, the input/output 
control layer operable to receive a signature file generated from a network exploit nile 

rnmpTHRing an opf^ranH an oppra tnr ^nA a ma^k" where "the input/output COntrol layer [is] 

operable to pass the signature file to the associative process engine, the associative process 
engine operable to analyze a data packet with the signature file and assign a logienl value to 

fh(^ gignatiirf> file HpppnHpnt npnn a rf^snlt from the analysis" (emphasis added). In rejecting 

Claim 7, the Examiner merely reproduces all the claim limitations of Claim 7 and then refers 
generally to various portions of Vaidya (Office Action, pages 4-5). For example, regarding 
the above-referenced limitation(s), the Examiner merely states "(Col 7 lines 24-36, Col 6 
lines 7-11, and Col 10 lines 25-45)" and "(Col 11 Unes 15-50)," respectively (Office Action, 
pages 4-5) without indicating which components of Vaidya the Examiner is relying on to 
purportedly teach, for example, "an associative process engine," "an input/output control 
layer," "a network exploit rule," "an operand, an operator and a mask" of such "network 
exploit rule" or "assign[ing] a logical value to the signature file" as recited by Claim 7. 
Because the Office Action fails to provide any indication of which components of Vaidya are 
relied upon by the Examiner to teach the Umitations of Claim 7, Applicant finds it difficult, if 
not impossible, to adequately address the Examiner's rejection. Applicant requests the 
Examiner to clearly indicate which components of Vaidya the Examiner is relying on to teach 
the limitations of Claim 7 so that AppUcant may have an opportunity to address the 
Examiner's concerns. For example, independent Claim 7 recites "a signature file generated 
from a nfifwrirk fivplnit nilfi r o mpn'sing an operand an operator and a mask " (emphasis 
added). Regarding the above-referenced limitation(s), the Examiner merely states "(Col 7 
lines 24-36, Col 6 lines 7-11, and Col 10 lines 25-45)" (Office Action, page 4). Column 7, 
lines 32-36 of Vaidya are recited above, and Column 6, lines 7-11 of Vaidya recite the 
following: 

The configuration builder module 32 accesses the appropriate 
attack signature profile sets during operation of the data 
collector 10 and provides the attack signature profiles to a 
statefiil dynamic signature inspection (SDSI) virtual processor 
36. 
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Further, column 10, lines 25-45 of Vaidya appear to be directed toward "[a] formal 
description nf an attark signature in a loose BNR parsing grammar" {Vaidya, Column 10, 
lines 22-23) (emphasis added). Thus, Vaidya does not appear to disclose or even suggest "a 
network exploit rule" from which an attack signature is generated where the "network exploit 
rule compris[es] an operand, an operator and a mask" as recited by Claim 7. 

Additionally, regarding Claim 7's recitation of "the input/output control layer 
operable to pass the signature file to the associative process engine, the associative process 
engine operable to analyze a data packet with the signature file and assign a logical value to 

thp signature file HeppnHent npon a rpsnlt from \he^. analysis^^ (cmphasis added), the Examiner 

merely states "(Col 11 lines 15-50)" (Office Action, pages 4-5). Column 11, lines 15-50 of 
Vaidya appear to be directed toward a method for processing a sequential attack signature by 
splitting the attack signature into separate expressions and sequentially evaluating each 
separate expression with a data packet {Vaidya, colunm 11, lines 15-50). Thus, Vaidya does 
not appear to disclose or even suggest, either in the portion of Vaidya referred to by the 
Examiner or elsewhere in Vaidya, an "associative process engine operable to analyze a data 
packet with the signature file and assign a Ingiral vahie to thf; signatiirf? filfi dependent npon a 
re^uW from the analysif; " as recited by Claim 7 (emphasis added). Accordingly, for at least 
these reasons. Applicant respectfully submits that Vaidya does not anticipate Claim 7. 

Independent Claim 17 recites, at least in part, "reading a data packet," "selecting a set 
of a pluraUty of signature files fi-om a plurality of sets of signature files, each respective 
signature file of the plurality of sets of signature files generated fi"om a respective rule of at 
least one rule set comprised of a plurality of rules" and "comparing the data packet with at 
least one signature file of the selected set." In the Office Action pertaining to the rejection of 
Claim 17, the Examiner reproduces only the limitations of independent Claim 1 and then 
merely refers to various portions of Vaidya (Office Action, pages 2-3). Accordingly, because 
the Office Action fails to provide any indication of which components or purported teachings 
of Vaidya are relied upon by the Examiner to teach the limitations of Claim 17, Applicant 
finds it difficult, if not impossible, to adequately address the Examiner's rejection. Applicant 
requests the Examiner to clearly indicate which components of Vaidya the Examiner is 
relying on to teach the limitations of Claim 7 so that Applicant may have an opportunity to 
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address the Examiner's concerns. For example, independent Claim 17 recites "selecting a set 
of a plurality of signature files from a plurality of sets of signature files, each respective 
signature file of the plurality of sets of signature files generated from a respective rule of at 
least one rule set comprised of a plurahty of rules." Applicant respectftxUy submits that 
Vaidya does not appear to disclose or even suggest at least the above-referenced limitafion(s) 
either in the portions of Vaidya referred to by the Examiner or elsewhere in Vaidya, 
Moreover, because the Examiner appears to have ignored the limitations recited by Claim 17 
(Office Action, pages 2-3), Applicant is unable to determine what components or purported 
teachings of Vaidya the Examiner considers to correspond with at least the above-referenced 
Umitation. For example, the Examiner does not appear to have explicitly indicated or 
identified in Vaidya what the Examiner considers to be "at least one rule set comprised of a 
plurality of rules" from which a signature file is generated. Therefore, for at least these 
reasons, Applicant submits that Vaidya does not anticipate Claim 17. 

Claims 2-6, 8-16 and 18-20 that depend respectively from independent Claims 1, 7 
and 17 are also not anticipated by Vaidya at least because they incorporate the limitations of 
respective Claims 1, 7 and 17 and also add additional elements that further distinguish 
Vaidya. Therefore, Applicant respectfully requests that the rejection of Claims 2-6, 8-16 and 
1 8-20 be withdrawn. 
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CONCTJISTON 



Applicant has made an earnest attempt to place this case in condition for immediate 
allowance. For the foregoing reasons and for other reasons clearly apparent. Applicant 
respectfully requests reconsideration and full allowance of all pending claims. 

No fee is believed due with this Response. If, however, AppUcant has overlooked the 
need for any fee due with this Response, the Commissioner is hereby authorized to charge any 
fees or credit any overpayment associated with this Response to Deposit Account No. 08- 
2025 of Hewlett-Packard Company. 



Date: Tnnp.?^^ 200S 

Correspondence to: 

L Joy Griebenow 

Hewlett-Packard Company 

Intellectual Property Administration 

P. O. Box 272400 

Fort Collins, CO 80527-2400 

Tel. 970-898-3884 



Respectfully submitted, 




Reg. No. 43,486 
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